kjanceski Posted November 2, 2006

I have this link in my script

Code:
$sqlQuery=select * from proba where text LIKE '%There%'
<a href="script2.php?sql='.urlencode($sqlQuery).'"><input type=button value=click></a>

And in script 2 when I write:

Code:
echo urldecode($_GET['sql']);

as a result I have

select * from proba where text LIKE \'%There%\'

with slash. I think that those 2 slashes make a problem for me.
Psycho Posted November 2, 2006

First off, you [b]are[/b] putting the query within double quotes, right?

$sqlQuery = "select * from proba where text LIKE '%There%'";

Second, passing a query on the URL is a very bad method, IMHO. If the query is always going to be from the same table, just pass the 'like' value and build the query on the receiving page. If the table name changes then just pass the table name and 'like' values.

However, if you insist on passing the whole query string then have you tried using urldecode($_GET['sql']) on the receiving page?
trq Posted November 2, 2006

More than likely you have magic_quotes enabled. Besides that fact though, you should NEVER pass an SQL query through the URL or any other visible area. Your SQL statements really should be hidden from the public as they can quite easily lead to security concerns.
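
Added example, not part of any post in this thread: one way to do what the replies recommend, sending only the search term in the link and building the query on the receiving page with a bound parameter. The parameter name `q`, the helpers `like_escape()` and `search_proba()`, and the in-memory SQLite sample rows are assumptions made for the illustration; the table `proba` and column `text` come from the thread.

```php
<?php
// Added example. Assumed names: parameter "q", helpers like_escape() and
// search_proba(). Table "proba" and column "text" come from the thread.

// Escape LIKE wildcards so the user's term is matched literally.
function like_escape(string $term): string
{
    return strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

// The SQL text is fixed on the server; only the bound value varies.
function search_proba(PDO $db, string $term): array
{
    $stmt = $db->prepare("SELECT text FROM proba WHERE text LIKE :pat ESCAPE '!'");
    $stmt->execute([':pat' => '%' . like_escape($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE proba (text TEXT)');
$ins = $db->prepare('INSERT INTO proba (text) VALUES (?)');
foreach (['There it is', "It's over There", '100% done', 'nothing'] as $row) {
    $ins->execute([$row]);
}

// Linking page: send only the search term, URL-encoded.
$term = 'There';
echo '<a href="script2.php?q=' . urlencode($term) . '">click</a>', "\n";

// Receiving page: PHP has already URL-decoded $_GET, so no urldecode() call.
// The constructed inputs below stand in for $_GET['q'].
foreach (['There', "It's", '%', "x' OR '1'='1"] as $q) {
    $hits = search_proba($db, $q);
    printf("%-14s => %s\n", $q, json_encode($hits));
}
```

Because the value is bound rather than concatenated, a quote in the term needs no slash escaping, and the `%` and `'` inputs are matched as literal text instead of changing the query.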
This topic is now archived and is closed to further replies.